package com.example.config;

import com.example.filter.JwtAuthenticationTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

/**
 * @author: 21050134
 * @date: 2023/11/8 16:47
 * @description:
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled =true) //开启授权注解功能
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Autowired
	JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
	@Autowired
	private AuthenticationEntryPoint authenticationEntryPoint;

	@Autowired
	private AccessDeniedHandler accessDeniedHandler;

	@Autowired
	private AuthenticationSuccessHandler authencationSuccessHandler;

	@Autowired
	private AuthenticationFailureHandler authencationFailureHandler;

	@Autowired
	private LogoutSuccessHandler logoutSuccessHandler;


	@Bean
	public PasswordEncoder passwordEncoder(){
		return new BCryptPasswordEncoder();
	}


	@Override
	protected void configure(HttpSecurity httpSecurity) throws Exception{
		httpSecurity
				//关闭csrf
				.csrf().disable().
				//不通过Session获取SecurityContext
				sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
				.and()
				.authorizeRequests()
				// 对于登录接口 允许匿名访问
				.antMatchers("/user/login").anonymous()
				//.antMatchers("/testCors").hasAuthority("system:dept:list211")
				// 除上面外的所有请求全部需要鉴权认证
				.anyRequest().authenticated();

		//把token校验过滤器添加到过滤器链中
		httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);

		//配置异常处理器
		httpSecurity.exceptionHandling()
				//认证失败处理器
				.authenticationEntryPoint(authenticationEntryPoint)
				.accessDeniedHandler(accessDeniedHandler);

		//允许跨域
		httpSecurity.cors();


		httpSecurity.formLogin().
				//配置认证成功处理器
						successHandler(authencationSuccessHandler)
				//配置认证失败处理器
				.failureHandler(authencationFailureHandler);

		//配置注销成功处理器
		httpSecurity.logout().logoutSuccessHandler(logoutSuccessHandler);


		//因为重写了 所以需要手动添加认证规则
	//	httpSecurity.authorizeRequests().anyRequest().authenticated();

	}

	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception{
		return super.authenticationManagerBean();
	}

}
